Transcript lecture 8

8
Chapter
Eight
Server-side Scripts
8
Chapter Objectives
• Create dynamic Web pages that retrieve and
display database data using Active Server
Pages
• Process form inputs using Active Server
Pages
• Create a Web application using client- and
server-side scripts
8
Chapter Objectives
• Learn how to share data values among
different pages in a Web application
• Insert, update, and delete database records
using Active Server Pages
8
Server-side Scripts
• Server-side scripts
– Scripts that are processed on the Web server
– Used to create dynamic Web pages that retrieve and
display database data and modify data records
• Active Server Pages
– Microsoft-specific Web pages containing serverside scripting commands to process user inputs and
create dynamic Web pages that display database
data
8
Server-side Scripts
Figure 8-1:
Web site
architecture
using a
server-side
script
8
Active Server Pages
• Active Server Page (ASP)
– Text file that has an .asp extension and contains
server-side script commands that can perform a
variety of tasks
– Usually contains HTML commands for creating a
formatted Web page
• Netscape has a server-side scripting
technology called LiveWire that is similar to
Active Server Pages
8
Active Server Pages
• Since ASPs are processed on a Web server,
ASP files must be stored and run from a
folder on the Web server
– They cannot be displayed from a folder on the
user’s workstation using a file URL
– Programmers often store program files in
folders that are named “bin” or have the word
“bin” as part of the folder name
8
Active Server Pages
• Access privileges that are available in Personal
Web Server (PWS) include:
– Read, which only allows users to view HTML
documents
– Execute, which allows users to run Web pages that
contain executable programs as well as scripts
– Scripts, which allows users to run Web pages that
contain scripts, but do not run Web pages that contain
executable programs
8
Active Server Pages
• When creating an ASP, it is good practice to:
– First create a static HTML Web page template file
that contains all of the HTML tags and formatted
text that you want to have displayed on the
formatted Web page that is generated by the ASP
– Then, add the script code for the dynamic
components and be certain that the page’s HTML
formatting will be correct
8
ASP Commands
• The main difference between ASP files and
HTML document files is ASP files contain
ASP script code lines along with HTML
commands in the Web page body
– Script commands like HTML commands, can span
multiple lines
8
ASP Commands
• The beginning and ending points of ASP
script code lines are signaled by script
delimiter tags
– The opening script delimiter tag is an opening
angle bracket and a percent sign (<%)
– The closing script delimiter tag is a percent sign
and a closing angle bracket (%>)
8
Displaying Database Data
in an ASP
• To create an ADO database connection object,
you must create a server object
– Memory area on the Web server that stores the
variables and other information needed to process
the ASP
• Every time the ASP is executed, a new server
object must be created
8
Displaying Database Data
in an ASP
• In the code to open an ODBC connection
– You must specify the name of the server object,
and use the Open method to specify that the
object is to be opened
– Specify the database type and database
location; for an Access database, the database
location is the drive letter, folder, path, and
database filename
8
Displaying Database Data
in an ASP
Figure 8-5: Code to open an Access database connection object
8
Displaying Database Data
in an ASP
• When finished using a database connection
object, close the database connection; this
makes its resources available to other Web
server processes
8
Displaying Database Data
in an ASP
• In a Web page with server-side scripts:
– All of the server-side commands enclosed in
<%…%> script delimiter tags are removed by
the Web server when the Web page is processed
– Only the finished HTML commands are sent to
the user’s browser for display
8
Passing URL parameters
to an ASP
• URL parameter
– Parameter passed to a target ASP as part of the
ASP’s URL
– Each URL parameter consists of a name/value
pair, which consists of:
• The name of parameter variable
• An equal sign (=)
• The current parameter value
8
Passing URL parameters
to an ASP
• Note the parameter list is separated from the
ASP filename with a question mark (?)
• If there are multiple URL parameter
name/value pairs, each pair is separated
from the next by an ampersand (&)
• Often, the URL parameter variable value is
a value that must be inserted within the
hyperlink tag
8
Retrieving Input Parameters
into an ASP
• To retrieve the value of a variable that is passed as
a URL parameter, use the Request object
– An object within an ASP that stores information that is
sent from a user’s browser to the Web server
• The Request object has a Querystring property,
which contains the name of the variable whose
value will be retrieved as a URL parameter
8
Retrieving Input Parameters
into an ASP
• It can be tricky to create SQL queries that
use URL parameters - You must concatenate
text strings, blank spaces, and variable
values together so that the variable string is
formatted correctly
8
Retrieving Input Parameters
into an ASP
• Whenever creating a SQL query in an ASP
that requires concatenating variable values
together so that the variable string is
formatted correctly, it is good practice to:
– Create a string variable
– Then assign the text that constitutes the query
to the string variable
8
Debugging ASP Scripts
• The common errors of forgetting to save a
modified ASP file, or displaying a cached
version of a previous file, apply to ASPs as
well as client-side scripts
• When calling an ASP from another Web page
and passing URL parameter values, always
confirm the parameter name/value pairs are
passed correctly by viewing the URL of the
hyperlink that calls the ASP
8
Debugging ASP Scripts
• A common error in ASP scripts occurs when inadvertently
omitting an opening or closing script delimiter tag
Figure 8-16: Source code with omitted script delimiter tag
8
Debugging ASP Scripts
Figure 8-17: Error message resulting from omitted script delimiter tag
8
Debugging ASP Scripts
• When looking for causes of errors, always look at
the code lines immediately before the line reported
in the error message
• If you cannot locate the error visually, the next
step is to systematically locate the code line that is
causing the error
• In an ASP, you can track script execution by
adding debugging messages
8
Sharing Data Values Among
Multiple ASPs
• Web applications with multiple pages
usually share data values
• One approach is to pass data values from
one Web page to a second Web page as
URL parameters
• A second way to share data values among
ASPs is to use form parameters
8
Sharing Data Values Among
Multiple ASPs
• Form parameters
– Similar to URL parameters in that they consist of
name/value pairs, and each name/value pair is separated
from the next parameter name/value pair by an
ampersand (&)
– More convenient to use than URL parameters for
passing form input values from one Web page to
another
– A problem with passing parameters either as URL
parameters or as form parameters is that it forces the
pages to be viewed in a certain order to ensure that the
correct parameters are always passed
8
Recordset
• To determine if a recordset contains data
records, use the recordset beginning-of-file
(BOF) and end-of-file (EOF) properties
• Recordset pointer - indicates the position of
the current record in the recordset that is
available for processing
8
Recordset
• The BOF recordset property is true when the
recordset pointer is before the first recordset
record
• The EOF property is true when the recordset
pointer is beyond the last record in the recordset
• If the recordset does not contain any records, both
the BOF and EOF properties are false, and the
recordset pointer is pointing to a valid recordset
record
8
Creating Client-side Scripts
in ASPs
• Preprocessing the ASP
– Use client-side scripts within ASPs so that
when the user clicks a button on an HTML
form, the form runs a client-side script that is
embedded within the HTML code on the ASP
8
Currently Selected Button in an
Option Button Group
• To find the value of the currently selected
option button of an HTML form, use a
client-side script to write script code that:
– Searches all of the form fields
– Locates the form elements if the option button
is selected
• When a code finds an option button, it
checks to see if the option button is selected
8
Currently Selected Button in an
Option Button Group
• In referencing properties of HTML form
elements in a client-side script, the property
attribute can reference the following values:
– Length, which returns the total number of form
elements
– Name, which references the name of an individual
form element
– Checked, which determines if a form radio button
is selected
8
Inserting Database Records with
Jet Recordset Commands
• To insert new data records using Jet recordset
commands, you must create a Web server object
that is a recordset
• The advantage of using Jet recordset commands is
that when you insert a new record in a table where
the primary key is an AutoNumber data type, you
can then immediately retrieve the value of the
system-generated primary key
8
Inserting Database Records with
Jet Recordset Commands
• Parameters used by the recordset Open
method command:
– Data source
• A text string
– Connection name
• Name of the ADO connection used to
connect to the database
8
Inserting Database Records with
Jet Recordset Commands
• Parameters used by the recordset Open
method command (cont.):
– Cursor type
• Numerical value that specifies how records in the
recordset can be viewed
• By default, the cursor type value is the number 0,
which specifies the cursor is forward-only
• When updating records in a recordset, set the cursor
type value to 1, which specifies that the cursor is a
keyset cursor
8
Inserting Database Records with
Jet Recordset Commands
• Parameters used by the recordset Open
method command (cont.):
– Lock type
• Specifies how the recordset records are locked
• When this value is set to the number 1, the recordset
is read-only
• When the lock type value is set to 2, pessimistic
locking is enabled
• When the lock type value is set to 3, optimistic
locking is enabled
8
Using SQL Commands to Insert
and Modify Database Records
• Advantage of using SQL commands
– Allows your Web application to be used with databases
other than Access
• Disadvantage of using SQL commands
– There is no easy way to insert a new record into an
Access database table that uses the AutoNumber data
type for the record’s primary key, and then immediately
retrieve the value of the new primary key into an ASP
variable for further processing
8
Creating Cookies in
Server-side Scripts
• When a Web server requests a browser to
create a cookie, this message must be sent in a
header message to the browser
– This arrangement is required because the request to
create a cookie must be the first command that the
browser receives from the Web server when it
sends a Web page to be displayed
8
Creating Cookies in
Server-side Scripts
• To send a header message instructing a
browser to create a cookie name/value pair, the
Web page output must be buffered
– This means that as the ASP commands are
executed, all of the output is stored on the Web
server, and then is sent to the browser as a single
unit after all of the script commands have been
executed to the Web server
8
Suppressing Form Parameter
Values in URLs
• HTML forms have two primary methods for
sending inputs to a Web server:
– The default method, also called the GET
method
– The POST method
8
Suppressing Form Parameter
Values in URLs
• After receiving form inputs, a GET request is
passed as an environment variable to the
program processing the request
– An environment variable is a variable that is stored
on a workstation and is available to any program
running on the workstation
8
Suppressing Form Parameter
Values in URLs
• Two problems with the GET method
– Parameter values are displayed in the URL address
– Environment variables typically are limited to 255
characters
• HTML forms in Web applications should use
the POST method to hide form parameters
8
Summary
• Server-side scripts are processed on the
Web server and are used to create dynamic
Web pages
• Microsoft’s technology for supporting
server-side scripts is called Active Server
Pages (ASPs)
• An ASP must be stored in a folder on the
Web server
8
Summary
• To pass data values from one ASP to
another, you can pass a URL parameter
• When an HTML form is submitted to the
Web server, the values for all of the form
elements are passed as form parameters
• Data values can also be shared using
cookies
8
Summary
• You can preprocess and ASP using client-side
script commands embedded within the HTML
commands generated by the ASP by enclosing
the client-side script commands in
<SCRIPT>…</SCRIPT>tags in the ASP
heading section
• To insert database records using an ASP, you
can insert the records using Jet recordset
commands or SQL commands
8
Summary
• When a Web server requests a browser to
create a cookie, this request message must
be sent in a header message to the browser
• To suppress form parameter values from
appearing as part of the URL displayed in
the browser’s Address box, you can submit
HTML forms using the POST method